So you want to log events from your firewall to a 3rd party hosting company? I would assume that if they already said you had to purchase a dedicated server then they probably won't help you. I really don't know any hacks for this as I'm reading about it right now. The only thing I could think of would be to do it yourself with a small box. Make it your syslog machine and have it do nothing more than this....so it could be small. I've googled and found these.

There are tons of free syslog daemons out there but this isn't your problem. Your issue is having a host up 24x7 to receive the events. Honestly, I haven't seen too many home users install an enterprise class PIX firewall for simple home use. If you've got the green to power that beast 24x7, then you will have no issue getting an old PIII box and simply leaving that thing up around the clock.

A few things I would do.

1) Archive log data weekly via gzip.
2) Make sure your syslog server is a Linux distro with a dedicated slice (such as /var) for your log data. If for some reason you fill the partition, at least the system will stay up.
3) Don't flood the syslog box with meaningless PIX log data such as connection setups and tear downs. You'll have so much data you'll never be able to sift through it all.

Anyway, just a few ideas for you.

--Th13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Tonight I have actually set up PIX logging to my OS X box. I figured in the beginning I would collect logs when I was online and start doing some analysis and if it gets interesting, I will look into setting up a dedicated box.

So for those who are interested, the logging levels I have set up are as follows:

I was going to set up the trap logging level to 'informational' but it ended up logging too much data including all the URLs on the outgoing traffic.

It is interesting from the logs to see what ports are being scanned on my connection. Now I need to find a script on how to correlate the logs and maybe find out how to submit my logs to DShield. I don't think there is a DShield client for OS X at the moment. I have only seen one for Windows.

This is all phun stuff.

Cheers,
Hattori Hanzo

\"Luck is what happens when preparation meets opportunity.\"
(Roman philosopher, mid-1st century AD)
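An added example, not code from any poster in this thread, of the two things discussed above in working form: dropping the PIX connection setup/teardown chatter Th13 warns about, and answering Hattori Hanzo's question of which ports are being scanned by counting distinct sources per denied destination port. The syslog lines are constructed for this example; the message IDs used (302013/302014 for TCP build/teardown, 302015/302016 for UDP, 106023 for an access-list deny) are standard PIX codes.

```python
import re

# Constructed sample PIX syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Jan  5 23:11:02 pix %PIX-6-302013: Built outbound TCP connection 1201 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.168.1.10/49152 (198.51.100.2/1025)
Jan  5 23:11:04 pix %PIX-6-302014: Teardown TCP connection 1201 for outside:203.0.113.5/80 to inside:192.168.1.10/49152 duration 0:00:02 bytes 4120 (TCP FINs)
Jan  5 23:12:10 pix %PIX-4-106023: Deny tcp src outside:198.51.100.77/3344 dst inside:198.51.100.2/135 by access-group "outside_in"
Jan  5 23:12:11 pix %PIX-4-106023: Deny tcp src outside:198.51.100.77/3345 dst inside:198.51.100.2/445 by access-group "outside_in"
Jan  5 23:13:40 pix %PIX-4-106023: Deny tcp src outside:192.0.2.9/50211 dst inside:198.51.100.2/135 by access-group "outside_in"
Jan  5 23:14:02 pix %PIX-4-106023: Deny udp src outside:192.0.2.9/50212 dst inside:198.51.100.2/1434 by access-group "outside_in"
"""

# %PIX-<severity>-<message id>: <text>
MSG_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}):\s*(?P<text>.*)$")
# Body of a 106023 access-list deny message.
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
# Connection build/teardown messages: high volume, little security value at home.
NOISE_IDS = {"302013", "302014", "302015", "302016"}
DENY_ID = "106023"


def parse(line):
    """Split one syslog line into severity, PIX message id and message text."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return {"severity": int(m["sev"]), "id": m["id"], "text": m["text"]}


def filter_noise(log_text):
    """Return only the lines worth keeping on the syslog box (Th13's point 3)."""
    kept = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is not None and rec["id"] not in NOISE_IDS:
            kept.append(line)
    return kept


def scanned_ports(log_text):
    """Map (proto, dst port) -> number of distinct sources denied on it."""
    sources = {}
    for line in filter_noise(log_text):
        rec = parse(line)
        d = DENY_RE.search(rec["text"]) if rec["id"] == DENY_ID else None
        if d:
            sources.setdefault((d["proto"], int(d["dport"])), set()).add(d["src"])
    return {port: len(srcs) for port, srcs in sources.items()}
```

Running `scanned_ports(SAMPLE_LOG)` on the constructed lines shows two distinct hosts probing tcp/135, which is the kind of pattern a DShield-style submission is built from.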

Why use a public server for this.. This also means that ISP can look at your firewall logs.. Not my choice.. Also note that syslog is clear-text UDP. Quite easily spoofed.. It's not a good idea to open up a syslog server to the Internet..

Why don't you dig up some old PC?.. Install Linux or *BSD.. Use that as a syslog server.. As an added bonus you can play around with things like snort..

Oliver's Law:
Experience is something you don't get until just after you need it.

Good and valid points. Now I am using syslog on my OS X box (on my home network) to collect the PIX logs. Just got the fwanalog shell script working tonight which generates some nice graphs and PIX denied traffic analysis. fwanalog (http://tud.at/programm/fwanalog/) is highly recommended for anyone who wants to analyse PIX logs.

I set up a Snort box a few years ago on a laptop. Had it running for a week or so, then the hard disk died on me.

\"Luck is what happens when preparation meets opportunity.\"
(Roman philosopher, mid-1st century AD)